Charity Commission issues cyber security warning
Organisations urged to be vigilant after recent NHS attack
The Charity Commission has warned organisations such as museums to be vigilant about cyber security following the recent ransomware attack on the NHS and other global organisations.
The commission, which regulates charities in England and Wales, encouraged all charities to follow security advice recently issued by the City of London Police and the National Cyber Security Centre (NCSC).
The recommendations include installing system and application updates on all devices as soon as they become available, as well as using anti-virus software on all devices and keeping it updated.
Charities are also advised to create regular backups of important files to a device that isn’t left connected to their network.
So far there have been few high-profile cyber attacks on museums, although in 2014, a hacker stole the personal details of almost 8,000 visitors from the Ashmolean Museum in Oxford. And in 2016 a meeting of the Natural History Museum trustees’ audit and risk committee identified cyber security and cyber attacks as “a long term inherently high risk”.
Zak Mensah, the head of transformation at Bristol Culture, which manages five museums and the city’s archives, told Museums Journal that the recent attack on the NHS had increased the focus on cyber security within his organisation.
“Cyber security is something we think about frequently, but in the last few weeks it’s risen to the top of everyone’s agenda,” he said.
We would be crippled if our collections database was unavailable to us for more than a couple of days.”
Keeping secure backups in several different UK locations is a crucial part of the service’s security approach, Mensah added. And because hackers often take advantage of human error, other key measures include making sure strong, frequently changed passwords are used, and limiting access to key systems.
Ali Hossaini, a co-editor of the Manual of the publication Manual of Digital Museum Planning, said that the key cyber security risks for museums included breaches of visitors’ personal and financial data, as well as their own collections data. Other cyber security risks are physical theft through building security systems being compromised, and reputation damage or loss of income through website or social media hacks.
“Museums need to recognise that security is an ongoing commitment,” Hossaini told Museums Journal. “The IT environment evolves endlessly, and upgrades to one system can create faults in another. Criminals are constantly probing for opportunity, and digital exploits, as they are called, are traded on black markets.”
Harvey Grenville, the head of investigations and enforcement at the Charity Commission, said that any organisation that suspects they may have experienced cyber fraud should report it immediately to Action Fraud, which takes crime and information reports on behalf of the police, and to the commission.
Links
Charities Against Fraud
The commission, which regulates charities in England and Wales, encouraged all charities to follow security advice recently issued by the City of London Police and the National Cyber Security Centre (NCSC).
The recommendations include installing system and application updates on all devices as soon as they become available, as well as using anti-virus software on all devices and keeping it updated.
Charities are also advised to create regular backups of important files to a device that isn’t left connected to their network.
So far there have been few high-profile cyber attacks on museums, although in 2014, a hacker stole the personal details of almost 8,000 visitors from the Ashmolean Museum in Oxford. And in 2016 a meeting of the Natural History Museum trustees’ audit and risk committee identified cyber security and cyber attacks as “a long term inherently high risk”.
Zak Mensah, the head of transformation at Bristol Culture, which manages five museums and the city’s archives, told Museums Journal that the recent attack on the NHS had increased the focus on cyber security within his organisation.
“Cyber security is something we think about frequently, but in the last few weeks it’s risen to the top of everyone’s agenda,” he said.
We would be crippled if our collections database was unavailable to us for more than a couple of days.”
Keeping secure backups in several different UK locations is a crucial part of the service’s security approach, Mensah added. And because hackers often take advantage of human error, other key measures include making sure strong, frequently changed passwords are used, and limiting access to key systems.
Ali Hossaini, a co-editor of the Manual of the publication Manual of Digital Museum Planning, said that the key cyber security risks for museums included breaches of visitors’ personal and financial data, as well as their own collections data. Other cyber security risks are physical theft through building security systems being compromised, and reputation damage or loss of income through website or social media hacks.
“Museums need to recognise that security is an ongoing commitment,” Hossaini told Museums Journal. “The IT environment evolves endlessly, and upgrades to one system can create faults in another. Criminals are constantly probing for opportunity, and digital exploits, as they are called, are traded on black markets.”
Harvey Grenville, the head of investigations and enforcement at the Charity Commission, said that any organisation that suspects they may have experienced cyber fraud should report it immediately to Action Fraud, which takes crime and information reports on behalf of the police, and to the commission.
Links
Charities Against Fraud